Rules engine to enforce access control policy
Go to file
Lance Bragstad b9fd10e261 Prevent sensitive target data from being logged
A previous commit made some changes to allow for more robust logging
of RBAC enforcement data:

  I4642c57990b145c0e691140970574412682e66a5

This also included logging of the target data, which is provided by
the service calling policy enforcement.

This commit makes it so that target data is protected from exposing
sensitive information. A good example is doing operations on users
in keystone since keystone would populate the target dictionary
with user information, and possibly passwords.

This issue was found in keystone unit testing while trying to consume
oslo.policy 1.43.0.

Change-Id: I2702df8f3d7c040312eb863f7772b129e0e2c45c
2018-12-05 22:23:08 +00:00
doc/source Correct typo in docs 2018-11-26 15:15:26 -05:00
oslo_policy Prevent sensitive target data from being logged 2018-12-05 22:23:08 +00:00
releasenotes Add ability to pass in target data for the oslopolicy-checker 2018-11-02 14:14:21 +02:00
sample_data Add oslopolicy-checker command-line tool 2016-01-12 15:44:03 -06:00
.coveragerc Fix coverage configuration and execution 2015-10-01 15:39:58 +00:00
.gitignore Clean up .gitignore references to personal tools 2018-10-15 11:50:32 +08:00
.gitreview exported from oslo-incubator by graduate.sh 2014-12-09 14:40:01 -03:00
.mailmap exported from oslo-incubator by graduate.sh 2014-12-09 14:40:01 -03:00
.stestr.conf Fix requirements and convert to stestr 2018-07-02 17:30:07 +00:00
.zuul.yaml add lib-forward-testing-python3 test job 2018-08-11 18:20:14 -04:00
CONTRIBUTING.rst Optimize the link address 2017-04-08 23:36:11 +08:00
HACKING.rst Update URLs in documents according to document migration 2017-07-12 23:01:31 +08:00
LICENSE exported from oslo-incubator by graduate.sh 2014-12-09 14:40:01 -03:00
README.rst Remove PyPI downloads 2018-08-07 06:00:35 +00:00
babel.cfg exported from oslo-incubator by graduate.sh 2014-12-09 14:40:01 -03:00
lower-constraints.txt Add domain scope support for scope types 2018-11-30 14:52:36 +00:00
requirements.txt Add domain scope support for scope types 2018-11-30 14:52:36 +00:00
setup.cfg Change openstack-dev to openstack-discuss 2018-12-04 09:47:03 +08:00
setup.py Updated from global requirements 2017-03-03 03:07:08 +00:00
test-requirements.txt Add domain scope support for scope types 2018-11-30 14:52:36 +00:00
tox.ini Fix requirements and convert to stestr 2018-07-02 17:30:07 +00:00

README.rst

Team and repository tags

image

oslo.policy

Latest Version

The Oslo Policy library provides support for RBAC policy enforcement across all OpenStack services.